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(S4)litle: SECURING FINANCIAL TRANSACTIONS 



(57) Abstract 

A system for securing ilnandal transactions mvolving credit 
and charge cards is describ^. As well as the normal magneic stripe 
(2), the card includes non vbibte coded information, for examine an 
infra-red readable (but not human eye visible) bar code (3). When the 
card is personalised, data recorded on to magnetic stripe (2) may be 
comUned with the bar code (3) and a randomly generated PIN num- 
ber to produce check digits followmg a givai algorithm. Those check 
digits can be recorded in the magnetic stripe (Z)l A stand alone vali> 
dator Lc; not connected to a munriame antpoier, can read both da- 
ta, from magnetic stripe (2) and the axled data sudi as bar code (3) 
aiid process the data and the PIN number input viaa keypad (41) ac> 
onding to the algoridim to produce the check digits if they mati^ an 
indication validating the proposed transaCiion can be given, for ex- 
ample » green LED (50) Kghts up. 
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SBCnBIMB PIHMCgM; TOBHSaCTIOHS 

This invention relates to securing financial 
transactions. 

5 

In recent years there has been a substantial move to 
ciishless fihancinl transaction using, as an essential 
element of the transactiour a plastics card.. A variety 
of such cards, directed to use in differing types of 
10 financial trwsaction, has emerged. Mention may be made 
of credit cards, charge cards, checpie guairantee cards 9nd 
cash cards. . ■ 

Two msdn methods have emerged for the authentication of 
15 the card at the time of transaction.- -In the case of 
.credit cards, charge c^rds and cheque guarantee cards, 
this is the signature of the nser^ which is applied to 
both the card (when the user initially receives it) and 
at the tine of the transaction, either a credit. or charge 
20 card voucher produced by the provider of goods or 

services at the time of the transaction,, or a cheque fojjm 
produced by the card holder in the case of a cheque 
guarantee card. The other method is use of a -personal 
identification number (PIH number) known theoretically 
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only to the card holder and for use in cash card 
transactions. The requirement for a personal 
identification number arises from the majority of cash 
caird trcinsactions being effected via so called automated 
5 teller machines, which produce cash for the user without 
the cash dispenser being present in person in the form of 
a human cashier or teller. 

When properly used, the FIH number approach provides a . 

10 relatively high degree of secnri^. Its use is however 
limited by the need to have the number checked and 
correlated with the data on the cash card at the time of 
the transaction. This is conventionally effected by 
cDimecting the automated teller machine on-line to a 

15 mainframe computer which, if a correct PIN number is 
provided by the user of the machine, authorises the 
transaction and enables the machine to dispense the cash. 

' While such a system is effective, it requires a very 
20 substantial investment in mainframe coinpnter back*^p. and, 
for obvious reasons, tends to "fail safe" i.e. if the- 
correct PIN number is not introduced, or if there Is some 
other problem such as the misreading of magnetic data on 
the cash card, the transaction is simply blocked. Hhile 
. 25 this is inconvenient to the user at the time, it. 

generally inconveniences no~one else. Hold-ups, however, 
at other financdal transaction processing stations, for 
example supermarket checkronts, which might be occasioned 
by a failed transaction of this nature, are unacceptable. 

30 

In situations such as supermarket check-outs, however, 
there is currently neither the equipment available to 
deal with on-line authentication nor would problems of 
dielay be acceptable. Instead, authentication is effected 
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10 



20 



25 



by signature. Despite the preBoned uniqueness of 
signatures, they do not in fact work very well as a 
security uieasure: The standard problem with cheque 
guarantee cards is that, despite instructions to the 
contrary, users tend to teep then conveniently with their 
cheque books, and if both are stolen together the thief 
may well be able to learn a passable ianitation of the 
signature on the capl and then go out and make a 
substantial number , of transactions over a short period of 
time before any alarm can be raised. This is clearly 
unsatisfactory . 



The present invention sales to provide an improved system 
using an improved form of card and novel authentication 
15 equipment. 

According to a first general feature of the present 
invention there is provided on an authentication caid 
having a magnetic atrip with magnetically recorded di^ta 
thereon, and additional coded marking which is invisible 
to the naked eye but machine readable. This provides a 
first line of defence against card fraud if it is 
arranged that part of the data recorded magnetically and 

part of the invisibly recorded data are correlated in 
some way since then any magnetic tampering with the . 
nagnetically recorded data (which is often undertaken by 
professional thieves) will remove the cotrelation and 
enable a simple self-contained detector unit to show at 
the point of the transaction that the card has been 
30 tampered with. 

Additionally, since the coded marking is invisible to the 
naked eye, it is not immediately apparent usually to the 
would-be card forger. that the marking is there at all. 



ipcr/GB9z/m5i2 



Altbongb the narking -is coded, for purposes which appear 
more fully below, the additional narlcing nay also serve 
as a security f eature merely by its presence. Thus if 
the additional narking is effected using a material 
5 having cei±ain physical characteristics cmd which is one 
not normally found in credit and charge cards, or one the 
synthesis of which is difficult to achieve, a forged card 
nay be distinguished from a genuine merely by the 
presence of the material making up the coded narlcing. 

10 

As noted above, th6 data on the magnetic strip and the 
data in the additioucil coded narking nay be directly 
correlated to enable simple detection of tampering of the 
magnetic data. However, a najor advantage of the present 
. 15 invention is that such data as is coded in the magnetic 
strip and the coded marking nay be correlated via a PIN 
ntnnber Jmown to the holder of the card but apparoit from 
neither the magnetic data nor the invisible data. 

20 Using a card coded in this way, it is possible to 
authenticate a transsiction without the necessilgr of 
referring to a mainframe coanputer but with a very high 
degree of certednty by reading data from the card, both 
the magnetic data and the non-visible data, and 

25 correlating that data with a PHI number provided by the 
. card holder at the time of the transaction. The PIB 

number nay be inserted into the detector unit by the card ' 
. holder in a fashion which does not reveal the VXB nunber 
to the. bystander, or for exanple the cashier, at the 

30 vending estahlishnent. 



A detector unit nay be used to validate the transaction. 
Thus according to a further feature of the present 
invention there is provided validation apparatus for use 
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with a Ccurd of the type described above which comprises 
means for reading data recorded magnetically on a 
magnetic strip of the card, means for reading -data from 
the additional coded meurking thereon, personal 
5 identification number inpnt means, a pre-programmed 
propesaing unit adapted to process data input from the 
magnetic strip coded marking and PHI number inputs and to 
display the results of such processing as a visual - 
indication corroborating or denying the validly of a 
Id' proposed transaction. 

Such validator apparatus may be embodied in a relatively 
small, relatively inexpensive unit.. So called swipe ' 
readers for cards bearing a magnetically coded stripe are 

15 well known and find application in numerous areas of ' 
technology, for exanple in electronic tills and card 
qperated telephone boxes. They usually include a channel 
along which the card is passed, either by hand or driven 
by apprqpriate machinery, so that the magnetic stripe on 

20 the card passes over a magnetic reading bead. 

Conveniently the invisibly coded marking on the cfird can 
be read at the same time, this generally inqolying that 
the coded marlcing extends linearly in a direction 
parallel to that of the magnetic stripe. A preferred 

25 marking is a bar code type narking which is easily. 

applied during manufacture of the card. She bar code' 
marking nay be on the sane side of the card as the 
magnetic stripe or on the opposite side' and the swipe 
reader will need to be constructed accordingly. 

30 

As noted abovie, the additional coded marking on the card 
is invisible to the naked eye. This can be effected by a 
variety of means, preferred systems being to incorporate 
the narking in the interior of the. card. The marking may 
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be effected in a material iriiicb is itself effectively 
invisible (transparent or the same colour as the material 
. of card) or it nay be made in a material which when 
directly viewed is visible but which is rendered 
5 invisible by being covered with an opagae layer rendering 
it invisible to the honan eye bat where the opague layer 
is not opaqae. to some impropriate form of sensing. For 
exi^mple the code nay be printed using a material giving a 
detectable infra-red absorption or reflectancie but 
10 covered by a material transpeurent to infra-red radiation 
bat opaqae to the honan eye.. Potting the narking in the 
interior of the card, also makes it nach more difficult 
for a person ybo wishes to commit fraud by using a stolen 
card to change the data on the card.- 

15 

Thus a partieolarly preferred form of card in accordance 
witjii the present inventicin. is a plastics card having, 
printed in the interior thereof, a marking readable at 
non-visible wavelengths', preferably at infra-red 
20 wavelengths, the marking being located between a plastics 
. card base and a cover laminated to the base and 

transparent to the wavelength at iriiich the bcu: code is 
readable. 

25 Xhe. invention as illastrated by way of exaiqple in the 
accanpanying- drawing idiich shows diagrannatically. card 
manufaetui^ and transaction validation using the card. 

Referring to .the drawing this shows at the top. left a 
30 stylised credit card 1 which may be of standard shape and 
size. On one side of the card is a magnetic stripe 2 of 
standard construction. Also printed on the card is a bar 
codie 3 and a patch 4. Bar code 3 and patch 4 may be made 
' of the same material or nay be different. 
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Although barcode 3 is shown' on the drawing for cleirity 
visibly, it nay be printed in a material visually 
indistinguishable from the background. Barcode 3 and 
patch 4 may be printed on the card bjase and then covered 
5 with, for example, a visnally opaque, infra-red 
transparent cover sheet. 

The bar code 3 and pat6b 4 nay be printed on the card or 
on a layer loaking up the card by any convenient means. 
10 Ink jet printing of bar codes is a convenient and 

inexpensive means of printing bar codes on successive 
cards which vary from card to card. This is iaqoortant 
for reasons indicated below. 

15 Cards of the type illustrated in the top left of the 
accoiqtaiqring drawing, and including e.g. printing with 
graphic material indicative of the intended card issuer 
are produced by standard mass production processes. 
However for use, cards anst carry daita personal to the 

20 user- Stand^d machines are accordingly available in 
commerce for processing pre-manuf actured cards to 
personalise them. A tfpical such machine is commercially 
available under the trade designation Datacard 4650"from 
Data Card Limited and its affiliates. Other card 

25 embosQing and recording syBtens are available from other 
manufacturers » 

In the drawing, such a machine is represented 
diagrammatically by box iO having ah input tray 11 for 
JO . cards to be. personalised and an output delivery 12 where 
cards which have been processed collect. 

The card embossing and recording system 10 is connected 
via a suitable data transmission links 15 and 16 with a 
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mainframe coiqrater schematically indicated at 20 and 
under the control of the eard issuer^ for exanple a bcinlc, 
finance cCTtpsuiy or the like. 

5 Card personalisation is now effected by the embossing and 
recording system 10 as follows; 

She invisible bar code 3 is read by a suitable reader 
within unit 10. - Xhis is fed via data transmission line 
10 15 to the mainframe conpiter 20 together with a zegnest 
to prcivide data to be pot on the card. Thus the 
mainframe conqrater' may be regaested to provide the 
embossing and recording system with the account nnnber 
name and details of the intended card holder. This is 
. 15 then transmitted from the mainframe conqputer 20 to the 
embossing and recording system 10 via data link 16. 

In accordance with the invention^ the mainframe compater 
which receives the data as to the bar code 3, eateries oat 

20 suitable mathematical processing on the number 
represented by the bar code sand on other nnnbers 
associated with the particular account or person to whom 
the card will be issued. The mathematical process or 
algorithm used may vary widely but is used to combine the 

'25 invisible number from bar code 3 with data e.g. from the 
per9on's account number, and with a randcanly generated 
PIN nmnber which will be assigned to the cardholder. For 
exanple one fom of mathematioal processing may be to 
take the number represented by the bar code. 3, add the 

30 person's account number to it, multiply that sum by the 
randomly generated PIN number and discard all but the 
last three digits of the resulting large number. Those 
three digits can then be regarded as. a checking number 
which is then fed back via data link 16 to the embossing 
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tind recording system 10. The embossing cind recording 
system nay be arranged to record those three digits on to 
the magnetic stripe 2. 

5 The top right hand, comer of the drawing shows 

diagrannatically the card after processing. It still has 
unchanged bar code 3, patch 4 and magnetic stripe 2. 
However the ccurdholder's' account- number 30 has been 
embossed thereon and is shown and this number and the 
10 check digits are recorded on magnetic stripe 2. The card 
may also be appropriately embossed or otheiwise 
identified e.g. with the name of the cardholder and an- 
expiry date. 

15 The so processed card can then be transmitted to the 

cardholder in the usual way while the nminfT-am ff counter 
20 (which of course knows the PIN number allotted to that 
customer) may generate a separate letter which the 
coaqpniter separately despatches to the cardholder, advising 

20 bin or her of the PIM number he or she has been assigned. 

Once the cardholder is in poBsession of the card, it can 
be used in the normal way. Although this is not 
indicated for the sake of clarity and drawing, the card - 
25 may include a conventional signature strip and may be 
validated by signature comparison or using seme f ozn of 
qn-line validation as is well kaam. However, because of 
the presence of bar code 3 in the card and patch 4 
further means of validation are now available. 

30 

The bottom of the attached drawing shows diagrammatically 
a self contained validator unit which may be located at 
any appropriate tfansaction processing station for ' 
example in a store, supexmarket, restaixrant or- the like. 
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This nnit has a slot 40 throagh iriiich the card 1 nay be 
swiped. Located either side of slot 40 within the 
validator nnit are appropriate sensors for reading 
magnetic data on magnetic stripe 2 and the coded data on 
5 bar code 3. Patch 4 may be used in conjunction with- the 
bctr code to facilitate reading. Fbr ezanple if patch 4 
is of known width, the amount .of time patch 4 is under a 
detector head nay ^ive eui indication of appropriate ' 
clocking speed for reading the bar code, thus 
10 coB^ensating for different swipe speeds. 

. In practice, the card is first swiped through the slot 40 
and the cardholder is then invited to ii^t his or her 
PIN number via a conventional TseYpeid 41. Keypad 41- is 

15 surrounded by screens 42,43 in order to minimise the 
chance of the PIN number being detected by a casual 
observer. There is no display of what PIN nnnber has 
been entered but within the cabinet of the validator unit 
which includes slot 40 is .an appropriately programmed 

20 integrated circuit. Ibis is arranged to receive data 

read from the card and data input form- the .keypad 41 and 
then to take the data read from the card (the account 
number from magnetic stripe 2 and the b^ code 3) and 
combine it in the same way as the mainframe canqouter 20. 

25 did when the card was being personalised, to generate a 
large number and therefor the three check digits by the 
system explained above. The circuit also contains 
comparison means to determine, idiether the three check 
digits so generated match the three check digits read 

30 from magnetic stripe 2. If they do, an indicator such ais 
a bright light emitting diode 50 located on the side of 
the validator nnit lights up green thus enabling the 
proposed transaction to be authorised while if th^' do 
not natch, diode 50 lights red. 
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It can be se^n from the above that validation is 
essentially carried out by the checking process indicated 
and using the appropriate algorithm. There is- no neied to 
■ refer to a mainframe conpnter. 

The validator unit shown at the bottom of the drawing may 
simply act as a transaction validator as indicated above 
or it nay be more sophisticated. For exan^jle it may 
include large quantities of electronic memory enabling it 
to record details of each transaction for example the 
date the identity of the checkout store and perhaps of 
the checkout operator and perhaps other data enabling 
tracing to be carried out if it is subsequently decided, 
that a use of particular card needs to be traced. The 
circuitry within the unit may also for example 
incorporate programming enabling detection of operation 
at unusual hours or to oiable an unusual pattern of 
operation to- be detected, for exainple if repeated 
attends are made to validate the same card using a" 
succession of different PIH numbers as would occur if a 
member of a supermarket staff who had picked up a lost 
card but not declared that tried to find the PIH number 
related to that card by repeated trial and error. 

The validator nnit may of course have means enabling it ' 
to be programmed or reprogrammed or enabling material 
stored by it to be downloaded for subsequent 
investigative processing. The unit must of course be 
rendered reasonably secure against taiq^ing by any 
appropriate means including for example means erasing its 
programming if the casing is opened by an unauthorised 
person. 
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1.' An autiiehticiation cazd for shearing financial 

transactions consisting of a card base, a magnetic 
5 strip having magnetically recorded data thereon and 

characterised by an additional coded mcucking 
invisible to the naked eye but machine-readable. 

2.. ^ authentication card according to Claim 1, wherein 
10 the additional coded marking is in the form of a bar 

code. 

3. An authentication card according to Claim 1 or 2, 
wherein the additional coded marking is recidable- 

15 using infra-ted radiation. 

4. An authentication card according to any one of 
Claims 1 to 3, wherein the magnetic strip contains 
as part of the magnetically recorded data a . 

20 plurality of check, digits obtained by applying an 

algorithm to other data recorded on the magnetic 
strip and the additional coded marking'. 

- 5. Validation apparatus for use with an authentication 
25 . . card and in accordance with any one of the preceding 
claims sad including means for reading diata recorded 
magnetically on the magnetic- strip on the card and 
. means for inputting a personal identification 
number, and characterised by. means for. reading the 
data f rem the additional coded marking on the card 
and by a pre-programmed processing unit adapted to 
process data input from the magnetic stripe coded 
marking, the Pm nmnber input and* the additional 
coded marking and adapted to compare the results of ' 
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such processed data with data also recorded 
magnetically on the magDetic strip and display the 
results of snch coiqparison. ■ ■ . 

5 .6. Validation apparatus according Claim 5_and including 
a channel along which the ccird n&y be moved, a. 
magnetic reading head adapted to read data f rcaa the 
magnetic stripe thereon and characterised by means 
for reading the additional coded narking thereon. 
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